MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-8608	Event Monster <= 2.1.0 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass via em_capture_payment AJAX Action_CVE-2026-8608 The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity...	awordpresslife	Event Monster – Event Manager, Ticket Booking & Registration	Jun 5, 2026	CVE
MEDIUM 4.3	CVE-2026-7047	Frontend User Notes <= 2.1.1 - Cross-Site Request Forgery to Note Content Modification via 'confirmEdit' Action_CVE-2026-7047 The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due t...	absikandar	Frontend User Notes	Jun 5, 2026	CVE
MEDIUM 4.9	CVE-2026-6448	Quiz and Survey Master (QSM) <= 11.1.2 - Authenticated (Admin+) SQL Injection via 'order' and 'limit' Parameters_CVE-2026-6448 The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' ...	expresstech	Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker	Jun 5, 2026	CVE
MEDIUM 4.3	CVE-2026-10038	Charitable <= 1.8.11.1 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Attachment Deletion via 'avatar' Parameter_CVE-2026-10038 The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insecure Direct ...	smub	Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More	Jun 5, 2026	CVE
MEDIUM 6.8	CVE-2026-6242	Authenticated Format String Vulnerability in ONVIF Subscribe Service on TP-Link Tapo C520WS_CVE-2026-6242 An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplie...	TP-Link Systems Inc.	Tapo C520WS v2	Jun 5, 2026	CVE
MEDIUM 6.8	CVE-2026-6241	Authenticated Format String Vulnerability in ONVIF AddScopes Method on TP-Link Tapo C520WS_CVE-2026-6241 An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed ...	TP-Link Systems Inc.	Tapo C520WS v2	Jun 5, 2026	CVE
MEDIUM 6.8	CVE-2026-6240	Authenticated Stack-based Buffer Overflow in ONVIF DeleteUsers Service on TP-Link Tapo C520WS_CVE-2026-6240 A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when han...	TP-Link Systems Inc.	Tapo C520WS v2	Jun 5, 2026	CVE
MEDIUM 6.8	CVE-2026-6239	Authenticated Stack-based Buffer Overflow in ONVIF CreateUsers Service in TP-Link Tao C520WS_CVE-2026-6239 A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate ...	TP-Link Systems Inc.	Tapo C520WS v2	Jun 5, 2026	CVE
MEDIUM 6.9	CVE-2026-45409	Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix_CVE-2026-45409 Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Uni...	kjd	idna < 3.15	Jun 5, 2026	CVE
MEDIUM 4.3	CVE-2026-7523	Alba Board <= 2.1.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'card_id' Parameter_CVE-2026-7523 The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin no...	alejo30	Alba Board	Jun 5, 2026	CVE